Filtering strings against SQL injection in PHP

2018-11-25

Solution:

function sqlfilter($string){
    // Keep the original value so any change made below can be detected.
    $string_old = $string;
    // Replace backslash, double quote, single quote and asterisk,
    // both raw and URL-encoded, and the tilde.
    $string = str_ireplace("\\", "/", $string);
    $string = str_ireplace("\"", "/", $string);
    $string = str_ireplace("'", "/", $string);
    $string = str_ireplace("*", "/", $string);
    $string = str_ireplace("%5C", "/", $string);
    $string = str_ireplace("%22", "/", $string);
    $string = str_ireplace("%27", "/", $string);
    $string = str_ireplace("%2A", "/", $string);
    $string = str_ireplace("~", "/", $string);
    // Break up SQL keywords (case-insensitive substring match).
    // Single-quoted so that \e, \t and \f are not read as escape sequences.
    $string = str_ireplace("select", '\sel\ect', $string);
    $string = str_ireplace("insert", '\ins\ert', $string);
    $string = str_ireplace("update", '\up\date', $string);
    $string = str_ireplace("delete", '\de\lete', $string);
    $string = str_ireplace("union", '\un\ion', $string);
    $string = str_ireplace("into", '\in\to', $string);
    $string = str_ireplace("load_file", '\load\_\file', $string);
    $string = str_ireplace("outfile", '\out\file', $string);
    $string = str_ireplace("sleep", '\sle\ep', $string);
    // Remove HTML and PHP tags.
    $string = strip_tags($string);
    // If any step above changed the input, reject it by returning an empty string.
    if ($string_old != $string) {
        $string = '';
    }
    $string = trim($string);
    return $string;
}
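
The filter above returns an empty string for any input containing a quote, an asterisk or one of its keywords, so legitimate values are blanked as well. As an added example (not code from the original page), the following binds input as query parameters with PDO so the value never becomes part of the SQL text; it assumes the pdo_sqlite extension is available, and the table, column and sample inputs are constructed for illustration.

```php
<?php
// Added example (not the page's code): bind user input as parameters
// instead of rewriting it. Uses an in-memory SQLite database via PDO;
// the table name, column name and sample inputs are constructed.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions on SQL errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $pdo;
}

function add_customer(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO customers (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function find_by_name(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM customers WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();

// Constructed inputs. Each contains a character or keyword that
// sqlfilter() above treats as forbidden and would blank to ''.
$inputs = [
    "O'Brien",
    'Please update my address',
    '50 * 2 ~ 100',
];
foreach ($inputs as $name) {
    add_customer($pdo, $name);
    $rows = find_by_name($pdo, $name);
    // The value round-trips byte for byte: it was never part of the SQL text.
    printf("%-28s stored=%s\n", $name, $rows[0]['name'] === $name ? 'yes' : 'no');
}

// Quote characters in a bound value are compared as data, so this
// constructed injection-style string matches no row.
$rows = find_by_name($pdo, "nobody' OR 'a'='a");
printf("injection-style lookup rows=%d\n", count($rows));
```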


Link to this article: http://www.yayihouse.com/yayishuwu/chapter/1711
